{"id":8792,"date":"2020-10-18T13:41:41","date_gmt":"2020-10-18T20:41:41","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?post_type=patch_watch&p=8792"},"modified":"2023-03-03T14:22:16","modified_gmt":"2023-03-03T21:22:16","slug":"oct-7-csw-patch-watch-security-updates","status":"publish","type":"patch_watch","link":"https:\/\/10.42.32.162\/patch_watch\/oct-7-csw-patch-watch-security-updates\/","title":{"rendered":"Oct 7: CSW Patch Watch & Security Updates"},"content":{"rendered":"


In our Oct 7 edition of Patch Watch, we have 13 vendors (Apple, Cisco, IBM, Red Hat, Dell, Android and others) who released 93 patches, hotfixes and security updates. A few interesting callouts are the 13 weaponized vulnerabilities with known exploits and the 11 old vulnerabilities (2015 – 2019) that are getting patches released only now (two vulnerabilities are ranked critical, and one of them has a known exploit).

Read on to know what you need to patch first and why…

  1. We have 93 vulnerabilities in focus for this week –
    1. 14 Hotfixes
    2. 7 Patches
    3. 72 updates
  2. Among the 93 vulnerabilities we found –
    1. 79 vulnerabilities are yet to be weaponized.
    2. 13 vulnerabilities have known exploits and are weaponized.
  3. We analyzed the 13 weaponized vulnerabilities and here are our findings:
    1. 8 CVEs are associated with Remote Code Execution (RCE).
    2. CVE-2020-8166 is a medium-severity Cross-Site Request Forgery (CSRF) vulnerability with a CVSS score of 4.3; CSRF forces an end user to carry out unwanted actions on a web application.
    3. 3 CVEs are associated with Denial of Service (DoS), which renders an online service unavailable to its intended users.
      1. CVE-2020-4414 (Medium Severity & CVSS Score 5.1)
      2. CVE-2020-25220 (High Severity & CVSS Score 7.8)
      3. CVE-2020-14364 (Medium Severity & CVSS Score 5.3) – this issue has affected both Huawei and Red Hat products.
    4. CVE-2020-5980 has Privilege Execution (PE) capabilities with a CVSS score of 7.8, which may target systems or applications by allowing them to override the limitations of the current user account.

You can download patches for the 13 weaponized vulnerabilities here –